Tag: reverse proxy malware

proxylegitconnect.com (Reverse proxy malware hosted by ecatel.net)

Resolved dq.proxylegitconnect.com to 89.248.172.174
Resolved bren.proxylegitconnect.com to 89.248.172.145

Servers: dq.proxylegitconnect.com, bren.proxylegitconnect.com
Port: 8800

Based on the port and subdomains, this is the same guy as in this previous post.

Hosting info: http://whois.domaintools.com/89.248.172.174
Hosting info: http://whois.domaintools.com/89.248.172.175

oneproxifier.com (Reverse proxy malware hosted by ecatel.net)

Resolved w7bren.oneproxifier.com to 93.174.93.39, 89.248.174.42, 89.248.172.58, 93.174.93.204
Resolved extradq.oneproxifier.com to 94.102.49.207, 80.82.70.232

Here are two samples of what appears to be reverse proxy malware. It connects back to the indicated servers and maintains a connection, waiting to relay connections through the infected computer. It appears to use only Windows servers for the back-connect software.